CVE-2019-10954

An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:rockwellautomation:armor_compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:armor_compact_guardlogix_5370:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:20

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/108118 - Broken Link () http://www.securityfocus.com/bid/108118 - Broken Link
References () https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01 - US Government Resource, Third Party Advisory () https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01 - Third Party Advisory, US Government Resource
References () https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979 - () https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979 -

20 Jun 2023, 15:15

Type Values Removed Values Added
References
  • (MISC) https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979 -
CWE CWE-787 CWE-121
Summary An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 to 30.014 and earlier. An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.

Information

Published : 2019-05-01 19:29

Updated : 2024-11-21 04:20


NVD link : CVE-2019-10954

Mitre link : CVE-2019-10954

CVE.ORG link : CVE-2019-10954


JSON object : View

Products Affected

rockwellautomation

  • compactlogix_5370_l3_firmware
  • armor_compact_guardlogix_5370_firmware
  • compactlogix_5370_l1
  • compactlogix_5370_l1_firmware
  • compact_guardlogix_5370_firmware
  • compactlogix_5370_l2_firmware
  • compact_guardlogix_5370
  • compactlogix_5370_l2
  • armor_compact_guardlogix_5370
  • compactlogix_5370_l3
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write